VDB
CVE-2024-23833
CVE-2024-23833
PUBLISHED
CVSS 7.5 HIGH
OpenRefine JDBC Attack Vulnerability
EPSS 1.33% · 80.3th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
1.33%
80.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | org.openrefine:database | 0, 0 |
| OpenRefine | OpenRefine | < 3.7.8, < 3.7.8 |
| openrefine | openrefine | 0, 0 |
Exploit Intelligence
- CIRCL seen: CVE-2024-23833 (circl-sighting)
- CIRCL seen: CVE-2024-23833 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2024-23833 (circl-sighting)
- https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-6p92-qfqf-qwx4 (nist-nvd)
- https://github.com/OpenRefine/OpenRefine/commit/41ccf574847d856e22488a7c0987ad8efa12a84a (circl)
Timeline
- Jan 21, 1970 Security Advisory
- Feb 11, 2024 PoC Published
- Feb 12, 2024 CVE Published
- Feb 12, 2024 PoC Published
- Feb 13, 2024 EPSS Score
- Mar 3, 2024 PoC Published
- Mar 11, 2024 EPSS Score
- Apr 7, 2024 EPSS Score
- May 4, 2024 EPSS Score
- May 31, 2024 EPSS Score
- Jul 25, 2024 EPSS Score
- Aug 21, 2024 EPSS Score